Configuring Network Attack Blocker settings

To configure the Network Attack Blocker settings:

1. In the Kaspersky Security Center Administration Console, open the properties of the policy whose scope includes the relevant virtual machines:
   1. In the console tree, select the folder or administration group in which the policy was created.
   2. In the workspace, select the Policies tab.
   3. Select a policy in the list of policies and double-click the policy to open the Properties: <Policy name> window.
2. In the policy properties window, in the Network threat protection section, select the Intrusion Prevention subsection.
3. Select the Detect network attacks check box if the network attack detection function is disabled.
4. Select an action in the drop-down list Action on detection of a network attack, if network protection is operating in standard mode.

   This drop-down list contains the actions that Kaspersky Security can perform when it detects a network attack on a protected virtual machine, if network protection is enabled in standard mode. You can select one of the following options:

   • Ignore. Kaspersky Security does not perform any actions to prevent the network attack.
   • Terminate connection. Kaspersky Security terminates the connection between the protected virtual machine and the IP address from which the network attack originated.
   • Terminate connection and block traffic from sender's IP address. Kaspersky Security terminates the connection between the protected virtual machine and the IP address from which the network attack originated, and also blocks traffic from this IP address. Traffic is blocked in the specific VLAN in which the attempted network attack was detected. The duration for blocking traffic is configured in the On threat detection, block traffic for N minutes field.

     This action is selected by default.

   Information about detected network attacks and the actions taken is sent to Kaspersky Security Center.

   You can select an action if the Detect network attacks check box is selected.

   If network protection works in the monitoring mode, when Kaspersky Security detects a network attack it performs the Ignore action.

5. If necessary, change the value of the setting On threat detection, block traffic for N minutes.

   The duration for blocking the traffic from IP address from which the network attack or suspicious network activity originated. When determining the source of a network attack or suspicious network activity, the application takes into account whether or not the traffic is from a virtual LAN (VLAN). Kaspersky Security blocks traffic from an IP address only in the VLAN in which a network attack or suspicious network activity was detected.

   The default blocking duration is 60 minutes.

6. If necessary, configure network threat protection exclusion rules that Kaspersky Security will use to exclude traffic of specific IP addresses from scans or apply special actions when processing such traffic.
7. In the Properties: <Policy name> window, click OK.